Service Proxy

Service Proxy is a front-end protocol for Content Gateway that enables cluster administration (via the Swarm UI and the management API), giving you a single access point for managing and monitoring your entire Swarm cluster. With the Service Proxy, you can host Swarm cluster administration from a server that is accessible to your admins and have them manage their communication with the cluster.

The Service Proxy protocol is enabled and configured on a Gateway server through the Gateway Configuration. The Service Proxy provides access to the management API built into the Swarm cluster nodes, using the same IDSYS authorization and authentication as your Content Gateway.

Best Practice

Access: Enable the Service Proxy for cluster admins only, to grant them alone access to the cluster's Swarm UI and Management API. Disable Service Proxy for all other users (end users, tenants, customers), who should be restricted to the content interfaces (Content UI and the SCSP and S3 APIs).

Production: In production, have one Gateway dedicated to run as Service Proxy for your cluster administration (via Swarm UI and Management API), and have a pool of additional Gateways to handle all content management at scale. Only if the cluster is for testing or light usage should you enable both cluster administration and content management on a single Gateway instance, such as on a CSN.

Using the Service Proxy

To enable users to log in via the Service Proxy, provide them with the correct URL.

  • Host: Rather than use the IP address or hostname of a Swarm storage cluster node, give the Service Proxy hostname or IP instead. When using a hostname, verify that DNS resolves the name to the front-end IP address of the Gateway instance that is running Service Proxy.

  • Port: Include the bindPort value (from the [cluster_admin] section of Gateway Configuration).

Swarm UI Access
http://HOST:CLUSTER_ADMIN·BINDPORT/_admin/storage http://HOST:91/_admin/storage (default)

Once you've reached the UI, you will be prompted to log in:

Host

Read-only. The Service Proxy host name or IP address for the Swarm storage cluster to be viewed.

Username
Password

User logins for the UIs are not Swarm-managed but rather LDAP or PAM, as configured by the Gateway IDYSYS file, /etc/caringo/cloudgateway/idsys.json.

See Gateway Identity System.

How the Service Proxy Works

The Service Proxy servlet listens on the specified port and handles two types of requests on the same port:

  • Storage cluster management API requests, targeting storage nodes

  • Elasticsearch query requests, targeting Elasticsearch nodes

Authentication and authorization for the Service Proxy uses Content Gateway's root IDSYS and root Policy.

See Gateway Configuration for configuring the Service Proxy and Content Gateway Authentication for details on authentication/authorization.

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.